apiVersion: v1
kind: Secret
metadata:
  name: token-refresher-oidc
stringData:
  audience: lokistack
  clientId: user
  clientSecret: secret
  issuerUrl: http://hydra.hydra.svc:4444/
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/instance: token-refresher
    app.kubernetes.io/name: token-refresher
    app.kubernetes.io/version: master-2021-03-05-b34376b
  name: token-refresher
spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: token-refresher
      app.kubernetes.io/name: token-refresher
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: token-refresher
        app.kubernetes.io/name: token-refresher
        app.kubernetes.io/version: master-2021-03-05-b34376b
    spec:
      containers:
      - args:
        - --log.level=debug
        - --log.format=logfmt
        - --web.listen=0.0.0.0:8080
        - --web.internal.listen=0.0.0.0:8081
        - --oidc.audience=$(OIDC_AUDIENCE)
        - --oidc.client-id=$(OIDC_CLIENT_ID)
        - --oidc.client-secret=$(OIDC_CLIENT_SECRET)
        - --oidc.issuer-url=$(OIDC_ISSUER_URL)
        - --url=http://lokistack-dev-gateway-http.default.svc:8080
        env:
        - name: OIDC_AUDIENCE
          valueFrom:
            secretKeyRef:
              key: audience
              name: token-refresher-oidc
        - name: OIDC_CLIENT_ID
          valueFrom:
            secretKeyRef:
              key: clientId
              name: token-refresher-oidc
        - name: OIDC_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              key: clientSecret
              name: token-refresher-oidc
        - name: OIDC_ISSUER_URL
          valueFrom:
            secretKeyRef:
              key: issuerUrl
              name: token-refresher-oidc
        image: quay.io/observatorium/token-refresher:master-2021-03-05-b34376b
        name: token-refresher
        ports:
        - containerPort: 8081
          name: internal
        - containerPort: 8080
          name: web
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/instance: token-refresher
    app.kubernetes.io/name: token-refresher
    app.kubernetes.io/version: master-2021-03-05-b34376b
  name: token-refresher
spec:
  ports:
  - name: internal
    port: 8081
    protocol: TCP
    targetPort: 8081
  - name: web
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app.kubernetes.io/instance: token-refresher
    app.kubernetes.io/name: token-refresher
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.middlewares: token-refresher-stripprefix@file
  labels:
    app.kubernetes.io/component: token-refresher
    app.kubernetes.io/instance: token-refresher
    app.kubernetes.io/name: token-refresher
  name: token-refresher
spec:
  rules:
  - http:
      paths:
      - backend:
          service:
            name: token-refresher
            port:
              name: web
        path: /token-refresher
        pathType: Prefix